Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-43430

    Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : compuware_topaz_for_total_test
    • EPSS Score: %0.26
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2022-43429

    Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file ... Read more

    • EPSS Score: %0.13
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43428

    Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the... Read more

    • EPSS Score: %0.21
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43427

    Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : compuware_topaz_for_total_test
    • EPSS Score: %0.13
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43426

    Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products : s3_explorer
    • EPSS Score: %0.14
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-43425

    Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attacke... Read more

    Affected Products : custom_checkbox_parameter
    • EPSS Score: %3.71
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43423

    Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Jav... Read more

    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43422

    Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenk... Read more

    Affected Products : jenkins compuware_topaz_utilities
    • EPSS Score: %0.21
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.3

    MEDIUM
    CVE-2022-43421

    A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value.... Read more

    Affected Products : tuleap_git_branch_source
    • EPSS Score: %0.20
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-43420

    Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to contr... Read more

    • EPSS Score: %7.56
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-43419

    Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.... Read more

    Affected Products : katalon
    • EPSS Score: %0.12
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43418

    A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon Plugin 1.0.33 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored ... Read more

    Affected Products : katalon
    • EPSS Score: %0.08
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43417

    Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth... Read more

    Affected Products : katalon
    • EPSS Score: %0.13
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2022-3577

    An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. Th... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2022-39823

    An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error... Read more

    • EPSS Score: %0.22
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2022-37453

    An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.... Read more

    • EPSS Score: %0.22
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025

  • 8.1

    HIGH
    CVE-2022-31690

    Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via th... Read more

    • EPSS Score: %0.21
    • Published: Oct. 31, 2022
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-2627

    The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : newspaper
    • EPSS Score: %23.64
    • Published: Oct. 31, 2022
    • Modified: May. 08, 2025

  • 4.7

    MEDIUM
    CVE-2024-2159

    The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to... Read more

    Affected Products : sassy_social_share
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 6.3

    MEDIUM
    CVE-2024-0905

    The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users... Read more

    Affected Products : fancy_product_designer
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025
Showing 20 of 291717 Results